Arch Linux developers have been facing an ongoing challenge with the insertion of malicious code into the Arch User Repository (AUR) despite their efforts to prevent such incidents. Recently, another 54 packages in the AUR, which had been left without maintainers, were found to have malicious code inserted into them. This development comes after previous attacks on the npm package manager, with this attack using the bun platform to install malicious dependencies.
In a bid to evade the filters in place, the attackers included an obfuscated line within the post_install function of the affected packages. This line calls the “bun add” command, which then installs packages with malicious code designed to scan for and transmit keys, tokens, and credentials to an external server.
This incident highlights the ongoing battle faced by Arch Linux developers in securing the AUR against malicious attacks. With the insertion of harmful code into multiple packages, it is evident that further measures need to be taken to enhance the security and integrity of the Arch User Repository.